Security
<?php
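// Config : [ You must set these options ]
$sql_host = "localhost" ; // MySQL host
$sql_user = "user" ;      // MySQL username
$sql_pass = "pass" ;      // MySQL password
$sql_db   = "dbname" ;    // Database name
// End of config //

// Open the connection and select the database. Every mysql_query() call in the
// helper functions relies on this being the last opened connection; $link is a
// global so those helpers can hand it to the mysql_* calls that take a link.
$link = mysql_connect($sql_host, $sql_user, $sql_pass) or die("Could not connect : " . mysql_error());
mysql_select_db($sql_db) or die("Could not select database '{$sql_db}' .");

// First-run setup: create the account table when it is not there yet.
// $sql_db comes from the config above, not from the request.
$query = "SHOW TABLES FROM $sql_db" ;
$r = mysql_query($query) or die("Query failed : " . mysql_error());
$dbase = 0 ;
while ($row = mysql_fetch_row($r)) {
    if ($row[0] === "protect_users") {
        $dbase = 1 ;
    }
}
if ($dbase != 1) {
    $query = "CREATE TABLE protect_users (id CHAR(20), passwd CHAR(34))" ;
    $r = mysql_query($query) or die("Query failed : " . mysql_error());
    // Seeds the built-in 'admin' account with the fixed default password
    // 'phpclub'. The default is part of this published script, so a fresh
    // install is open to anyone who knows it until the password is changed
    // through the admin page. The two-character salt 'pc' selects traditional
    // DES crypt: only the first eight characters of a password are significant
    // and every account shares the same salt. The cookie set by login_get()
    // holds this same hash, so the scheme cannot be changed here alone.
    $pass = crypt('phpclub', 'pc') ;
    $query = "INSERT INTO protect_users VALUES ('admin', '{$pass}')";
    $r = mysql_query($query) or die("Query failed : " . mysql_error());
}

// Gate: login_check() only returns once both cookies matched a stored account,
// otherwise it hands off to login_get(), which never returns.
login_check() ;
if (isset($_GET['logout'])) {
    protect_logout() ;
}
// The admin section is reached purely by the validated username being 'admin';
// strict comparison so PHP's loose string rules cannot widen the match.
if ($_COOKIE['protect_user'] === 'admin') {
    protect_admin() ;
}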
/******** Functions : ********/
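/**
 * Page gate. Returns only when the protect_user / protect_passwd cookies name
 * an existing account and carry exactly that account's stored password hash.
 * In every other case control goes to login_get(), which never returns.
 *
 * The cookie holds the password hash itself (there is no server-side session),
 * so it is a replayable credential for its whole lifetime: a stolen cookie is
 * as good as the password.
 */
function login_check()
{
    global $link ;
    if (!isset($_COOKIE['protect_user']) || !isset($_COOKIE['protect_passwd'])) login_get() ;
    $user = $_COOKIE['protect_user'] ;
    $passwd = $_COOKIE['protect_passwd'] ;
    // A cookie named "protect_user[]" arrives as an array; refuse anything that
    // is not a plain string before it reaches count_chars() or the query.
    if (!is_string($user) || !is_string($passwd)) {
        setcookie("protect_user", '', time(), '/') ;
        die('Alarm !') ;
    }
    // NUL bytes and single quotes never occur in a legitimate username.
    $chars = count_chars($user) ;
    if ($chars[0] || $chars[ord("'")]) {
        setcookie("protect_user", '', time(), '/') ;
        die('Alarm !') ;
    }
    // Escape for the connection's charset instead of addslashes(), which does
    // not know the connection and leaves a trailing backslash to break quoting.
    $user = mysql_real_escape_string($user, $link) ;
    $query = "SELECT * FROM protect_users WHERE id = '{$user}'";
    $rr = mysql_query($query) or die("Query failed : " . mysql_error());
    if (mysql_num_rows($rr) == 0) login_get() ; // user_not_found()
    $row = mysql_fetch_assoc($rr) ;
    // Strict comparison: with != a NULL passwd column would equal an empty
    // cookie. On PHP >= 5.6 hash_equals() would also make this constant-time.
    if ($row["passwd"] !== $passwd) login_get() ; // password_error()
}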
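/**
 * Login endpoint; never returns. On a POST carrying user and passwd it stores
 * the username and the crypt()-ed password in two cookies (ten days) and
 * reloads the page so login_check() can validate them; otherwise it prints
 * the login form and stops.
 *
 * The cookies carry the credential itself, so they are marked HttpOnly to keep
 * them away from page scripts. They are still sent in clear over plain HTTP.
 */
function login_get()
{
    if (isset($_POST['user']) && isset($_POST['passwd'])
            && is_string($_POST['user']) && is_string($_POST['passwd'])) {
        $expire = time() + 864000 ; // ten days
        // crypt() with the fixed two-character salt 'pc' is traditional DES:
        // only the first eight password characters count. The cookie must hold
        // exactly what add_user()/chg_user() store, so the scheme is shared.
        setcookie("protect_user", $_POST['user'], $expire, '/', '', false, true) ;
        setcookie("protect_passwd", crypt($_POST['passwd'], 'pc'), $expire, '/', '', false, true) ;
        die("<meta http-equiv='refresh' content='0; url=?'><a href='?'>Wait ...</a>") ;
    }
    echo "<html><head><title>Login</title><style type='text/css'>TD, .in {font-size: 12}</style></head><body><table width='100%'><tr><td align='center'><table>" ;
    echo "<form action='?' method='post'>" ;
    echo "<tr><td>Username :</td><td><input name='user'></td></tr>" ;
    echo "<tr><td>Password :</td><td><input type='password' name='passwd'></td></tr>\r\n" ;
    die("<tr><td> </td><td align='center'><input type='submit' name='Login' value='Login'></td></tr></form></table></td></tr></table></body></html>") ;
}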
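/**
 * Admin section; never returns. Runs at most one account action taken from the
 * POST body (add, change password, delete, list), then prints the four forms
 * and stops. Authorization rests entirely on the caller at the top of the file
 * invoking this only after login_check() validated the 'admin' cookie.
 *
 * The forms carry no anti-CSRF token: while the admin is logged in, any page
 * that posts to this URL from the admin's browser can trigger these actions.
 */
function protect_admin()
{
    echo "<html><head><title>Admin Section</title><style type='text/css'>TD {font-size: 12}</style></head><body><table width='100%'><tr><td align='center'>" ;
    // Dispatch on the field names; the helpers do their own input checks.
    if (isset($_POST['add_user']) && isset($_POST['add_passwd'])) add_user($_POST['add_user'], $_POST['add_passwd']) ;
    elseif (isset($_POST['chg_user']) && isset($_POST['chg_passwd'])) chg_user($_POST['chg_user'], $_POST['chg_passwd']) ;
    elseif (isset($_POST['del_user'])) del_user($_POST['del_user']) ;
    elseif (isset($_POST['list_users'])) list_users() ;
    echo "<table><form action='?' method='post'>" ;
    echo "<tr><td colspan=2><font color=blue><b>Add a New User</b></font></td></tr>" ;
    echo "<tr><td>Username :</td><td><input name='add_user'></td></tr>" ;
    echo "<tr><td>Password :</td><td><input type='password' name='add_passwd'></td></tr>\r\n" ;
    echo "<tr><td> </td><td align='center'><input type='submit' name='add' value='Add'><hr></td></tr></form>" ;
    echo "<form action='?' method='post'>" ;
    echo "<tr><td colspan=2><font color=blue><b>Change Users Info</b></font></td></tr>" ;
    echo "<tr><td>Username :</td><td><input name='chg_user'></td></tr>" ;
    echo "<tr><td>New Pass :</td><td><input type='password' name='chg_passwd'></td></tr>\r\n" ;
    echo "<tr><td> </td><td align='center'><input type='submit' name='chg' value='Update'><hr></td></tr></form>" ;
    echo "<form action='?' method='post'>" ;
    echo "<tr><td colspan=2><font color=blue><b>Delete a User</b></font></td></tr>" ;
    echo "<tr><td>Username :</td><td><input name='del_user'></td></tr>" ;
    // The submit button is named after its own action; the dispatch above
    // keys on del_user, not on the button.
    echo "<tr><td> </td><td align='center'><input type='submit' name='del' value='Delete'><hr></td></tr></form>" ;
    echo "<form action='?' method='post'>" ;
    echo "<tr><td colspan=2><font color=blue><b>List All Users</b></font></td></tr>" ;
    echo "<tr><td> </td><td align='center'><input type='hidden' name='list_users' value='1'><input type='submit' name='lst' value='List Users'><hr></td></tr></form>" ;
    die("</form></table><hr width=50%>[ <a href='?logout=1'>Logout</a> ]</td></tr></table></body></html>") ;
}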
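/**
 * Creates an account. Called by protect_admin() with raw POST values.
 * Dies on a malformed username/password or a failed query; prints a notice and
 * returns when the name is already taken; otherwise inserts the row.
 *
 * @param mixed $u username as submitted; must be a non-empty plain string of
 *                 at most 20 bytes without NUL or single quote
 * @param mixed $p password as submitted; must be a non-empty plain string
 */
function add_user($u, $p)
{
    global $link ;
    // POST fields named "add_user[]" arrive as arrays; only strings are usable.
    if (!is_string($u) || !is_string($p) || $u === '' || $p === '') { die('Bad username/password .') ; }
    $chars = count_chars($u) ;
    if ($chars[0] || $chars[ord("'")]) { die('Bad username/password .') ; }
    // id is CHAR(20): outside strict mode MySQL silently truncates a longer
    // name, so the stored id would differ from the one checked below.
    if (strlen($u) > 20) { die('Bad username/password .') ; }
    $uq = mysql_real_escape_string($u, $link) ;
    $query = "SELECT * FROM protect_users WHERE id = '{$uq}'";
    $rr = mysql_query($query) or die("Query failed : " . mysql_error());
    if (mysql_num_rows($rr) != 0) {
        echo('<font color=red>User already exists .</font><hr width=50%>') ;
        return ;
    }
    // Fixed salt 'pc' means traditional DES crypt: eight significant password
    // characters and one salt for every account. login_get() puts this same
    // hash in the cookie, so the scheme cannot be changed in this function alone.
    $pass = crypt($p, 'pc') ;
    $query = "INSERT INTO protect_users VALUES ('{$uq}', '{$pass}')";
    $r = mysql_query($query) or die("Query failed : " . mysql_error());
    echo "<font color=red>User added .</font><hr width=50%>" ;
}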
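/**
 * Sets a new password for an existing account. Called by protect_admin() with
 * raw POST values. Dies on malformed input or a failed query; prints a notice
 * and returns when the account does not exist. Changing the admin password
 * invalidates the admin's own cookie, so the page is reloaded to the login
 * form in that case.
 *
 * @param mixed $u username as submitted; must be a non-empty plain string
 *                 without NUL or single quote
 * @param mixed $p new password as submitted; must be a non-empty plain string
 */
function chg_user($u, $p)
{
    global $link ;
    if (!is_string($u) || !is_string($p) || $u === '' || $p === '') { die('Bad username/password .') ; }
    $chars = count_chars($u) ;
    if ($chars[0] || $chars[ord("'")]) { die('Bad username/password .') ; }
    $uq = mysql_real_escape_string($u, $link) ;
    $query = "SELECT * FROM protect_users WHERE id = '{$uq}'" ;
    $rr = mysql_query($query) or die("Query failed : " . mysql_error());
    if (mysql_num_rows($rr) == 0) {
        echo('<font color=red>User doesnt exist .</font><hr width=50%>') ;
        return ;
    }
    // Same DES crypt with fixed salt 'pc' as login_get() and add_user(); the
    // cookie stores this hash, so all three must agree.
    $pass = crypt($p, 'pc') ;
    $query = "UPDATE protect_users SET passwd = '{$pass}' WHERE id = '{$uq}'";
    $r = mysql_query($query) or die("Query failed : " . mysql_error());
    echo "<font color=red>User changed .</font><hr width=50%>" ;
    if ($u === 'admin') { die("<meta http-equiv='refresh' content='2; url=?'><a href='?'>Wait ...</a>") ; }
}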
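/**
 * Deletes an account other than 'admin'. Called by protect_admin() with a raw
 * POST value. Dies on malformed input, on an attempt to remove the admin
 * account, or on a failed query; prints a notice and returns when the account
 * does not exist.
 *
 * @param mixed $u username as submitted; must be a non-empty plain string
 *                 without NUL or single quote
 */
function del_user($u)
{
    global $link ;
    if (!is_string($u) || $u === '') { die('Bad username .') ; }
    if ($u === 'admin') die("User 'admin' can not be deleted .") ;
    $chars = count_chars($u) ;
    if ($chars[0] || $chars[ord("'")]) { die('Bad username .') ; }
    $uq = mysql_real_escape_string($u, $link) ;
    $query = "SELECT * FROM protect_users WHERE id = '{$uq}'" ;
    $rr = mysql_query($query) or die("Query failed : " . mysql_error());
    if (mysql_num_rows($rr) == 0) {
        echo('<font color=red>User doesnt exist .</font><hr width=50%>') ;
        return ;
    }
    // The literal check above is not enough: under MySQL's default
    // case-insensitive, PAD SPACE collations a value such as 'admin ' or
    // 'Admin' matches the 'admin' row, and the DELETE below would remove it.
    // Refuse if any row the lookup matched is the built-in admin account.
    while ($row = mysql_fetch_assoc($rr)) {
        if ($row['id'] === 'admin') die("User 'admin' can not be deleted .") ;
    }
    $query = "DELETE FROM protect_users WHERE id = '{$uq}'";
    $r = mysql_query($query) or die("Query failed : " . mysql_error());
    echo "<font color=red>User deleted .</font><hr width=50%>" ;
}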
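/**
 * Prints every account id as one table row. Called by protect_admin().
 * Dies when the query fails.
 */
function list_users()
{
    global $link ;
    $query = "SELECT id FROM protect_users";
    $rr = mysql_query($query) or die("Query failed : " . mysql_error());
    echo "<table>" ;
    // Ids are stored data; add_user() only rejects NUL and single quotes, so
    // markup in a name must be escaped before it is echoed into the page.
    while ($id = mysql_fetch_row($rr)) {
        $safe = htmlspecialchars($id[0], ENT_QUOTES, 'UTF-8') ;
        echo "<tr><td><font color=red>{$safe}</font></td></tr>" ;
    }
    echo "</table><hr width=50%>" ;
}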
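/**
 * Clears both credential cookies and stops with a short notice. Reached via
 * the GET parameter "logout", so any link or image pointing at "?logout=1"
 * can log the visitor out; that only costs a re-login.
 */
function protect_logout()
{
    // Expire in the past rather than "now": with an expiry equal to the
    // current second a client whose clock runs behind keeps the cookie.
    $expired = time() - 3600 ;
    setcookie("protect_user", '', $expired, '/') ;
    setcookie("protect_passwd", '', $expired, '/') ;
    die("<center><font size=-1>Logged out .<br> [ <a href='javascript:history.back(1)'>Back</a> ]") ;
}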
?>
Usage Example
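<?php
// require(), not include(): if protect.php is missing, include() only emits a
// warning and the page below is served without any protection. require()
// makes a missing guard a fatal error, so the page fails closed.
require("protect.php") ;
?>
<html>
<head>
<title>Hello!</title>
</head>
<body>
Hi! This page is password protected!
</body>
</html>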